通过自定义策略级别为程序集提供对共享点的完全信任不起作用

发布于 2024-07-20 13:47:07 字数 3640 浏览 6 评论 0原文

我正在构建几个 ucercontrol。 这些用户控件将托管在智能部分的返回中。 我面临的问题是,与他们一起的我的集会没有适当地提供足够的权利。

为了实现这一目标,您(基本上)有三个选择;
1.将站点设置为完全信任级别(显然不希望这样做,对我来说也不起作用。程序集不受信任)
2.将组件放入gac中(也尝试过,也不起作用)。
3. 安全方面,我希望授予我的程序集一套特殊的权利。

这可以通过自定义信任文件来完成。 这是我到目前为止想到的,但它不起作用。 有人能指出我在这方面的正确方向吗?

在安全类元素中添加了这两个子句;

<SecurityClass Name="AssemblyOne" Description="MyAssemblies.AssemblyOne, Version=1.0.0.0, Culture=neutral, PublicKeyToken=132bddbb4f2e45f2"/>
<SecurityClass Name="AssemblyTwo" Description="MyAssemblies.AssemblyTwo, Version=1.2.0.0, Culture=neutral, PublicKeyToken=e5141be41498e913" />

在命名权限集中添加了此子句

        <PermissionSet
                class="NamedPermissionSet"
                version="1"
                Name="SPFULL"
                Unrestricted="true">
          <IPermission
                  class="AspNetHostingPermission"
                  version="1"
                  Level="Minimal"
                        />
          <IPermission
                  class="SecurityPermission"
                  version="1"
                  Flags="Execution"
                        />
          <IPermission class="WebPartPermission"
                  version="1"
                  Connections="True"
                        />
          <Assemblies>
            <Assembly Name="MyAssemblies.AssemblyOne" Version="1.0.0.0" PublicKeyBlob="002400000480000094000000060200000024000052534131000400000100010015fd63eb99fee087978556fcf698fae059d75307d1ee8e44486a349ea87843344440af9051d4434bac1d219b3a219d5f0ff50e8c0ed9eb7c07eab19d9ff0494ecaafc5ce1cb65d59ddd153b0f09790d6641af0325aaceb81c2e55c4610a1c18ae9f5a476de2282918a293726bce20aa932e06666b4e8b6885775b919a93a91a9" />
            <Assembly Name="MyAssemblies.AssemblyTwo" Version="1.2.0.0" PublicKeyBlob="00240000048000009400000006020000002400005253413100040000010001007da2bfd8e8ec53bd9caa8a5e3af2408cabd60b04c1df80bf8cbad447addaa8a7854818c77ea4f1ada3b73f33836b716999a5aac2475b22c676cedb3fe42cb2ebfba9dc20c04b1baab5a75ead6169b45d1dbef0bcbe82d5f862f954739ed100eaf41425eddd559aee883c055da038d0d8c2e998db799d6e1995ddea95a48eb0b4" />
          </Assemblies>
        </PermissionSet>

,然后我将此子句添加到现有的“默认”代码组之上;

<CodeGroup
        class="UnionCodeGroup"
        version="1"
        PermissionSetName="SPFULL"
        Name="My first Web Part"
        Description="This code group grants the my first web part full permissions.">
        <IMembershipCondition
          class="StrongNameMembershipCondition"
          version="1"              PublicKeyBlob="002400000480000094000000060200000024000052534131000400000100010015fd63eb99fee087978556fcf698fae059d75307d1ee8e44486a349ea87843344440af9051d4434bac1d219b3a219d5f0ff50e8c0ed9eb7c07eab19d9ff0494ecaafc5ce1cb65d59ddd153b0f09790d6641af0325aaceb81c2e55c4610a1c18ae9f5a476de2282918a293726bce20aa932e06666b4e8b6885775b919a93a91a9" />
        <IMembershcipCondition
          Class="StrongNameMembershipCondition"
          version="1"
          PublicKeyBlob="00240000048000009400000006020000002400005253413100040000010001007da2bfd8e8ec53bd9caa8a5e3af2408cabd60b04c1df80bf8cbad447addaa8a7854818c77ea4f1ada3b73f33836b716999a5aac2475b22c676cedb3fe42cb2ebfba9dc20c04b1baab5a75ead6169b45d1dbef0bcbe82d5f862f954739ed100eaf41425eddd559aee883c055da038d0d8c2e998db799d6e1995ddea95a48eb0b4"/>
      </CodeGroup>

谁能向我指出如何做到这一点?

I'm building a couple of ucercontrols. These usercontrols will be hosted within the return of the smartpart. The problem i'm facing is that my assembly that goes with them, is not properly provided with sufficient rights.

To achive this you've (basically) got three options;
1. set the site to full trust level (do not want this obviously, aint working for me either. The assembly is not trusted)
2. place the assembly in the gac (tried that too, also not working).
3. security wise what I would like is to grant my assembly with a special set of rights.

This can be done by means of a custom trust file. This is what I came up with so far, but it is not working. Can someone point me in the right direction on this one?

added these two clauses at the security classes element;

<SecurityClass Name="AssemblyOne" Description="MyAssemblies.AssemblyOne, Version=1.0.0.0, Culture=neutral, PublicKeyToken=132bddbb4f2e45f2"/>
<SecurityClass Name="AssemblyTwo" Description="MyAssemblies.AssemblyTwo, Version=1.2.0.0, Culture=neutral, PublicKeyToken=e5141be41498e913" />

added this clause in the named permission sets

        <PermissionSet
                class="NamedPermissionSet"
                version="1"
                Name="SPFULL"
                Unrestricted="true">
          <IPermission
                  class="AspNetHostingPermission"
                  version="1"
                  Level="Minimal"
                        />
          <IPermission
                  class="SecurityPermission"
                  version="1"
                  Flags="Execution"
                        />
          <IPermission class="WebPartPermission"
                  version="1"
                  Connections="True"
                        />
          <Assemblies>
            <Assembly Name="MyAssemblies.AssemblyOne" Version="1.0.0.0" PublicKeyBlob="002400000480000094000000060200000024000052534131000400000100010015fd63eb99fee087978556fcf698fae059d75307d1ee8e44486a349ea87843344440af9051d4434bac1d219b3a219d5f0ff50e8c0ed9eb7c07eab19d9ff0494ecaafc5ce1cb65d59ddd153b0f09790d6641af0325aaceb81c2e55c4610a1c18ae9f5a476de2282918a293726bce20aa932e06666b4e8b6885775b919a93a91a9" />
            <Assembly Name="MyAssemblies.AssemblyTwo" Version="1.2.0.0" PublicKeyBlob="00240000048000009400000006020000002400005253413100040000010001007da2bfd8e8ec53bd9caa8a5e3af2408cabd60b04c1df80bf8cbad447addaa8a7854818c77ea4f1ada3b73f33836b716999a5aac2475b22c676cedb3fe42cb2ebfba9dc20c04b1baab5a75ead6169b45d1dbef0bcbe82d5f862f954739ed100eaf41425eddd559aee883c055da038d0d8c2e998db799d6e1995ddea95a48eb0b4" />
          </Assemblies>
        </PermissionSet>

then I added this clause above the the existing 'default' code group;

<CodeGroup
        class="UnionCodeGroup"
        version="1"
        PermissionSetName="SPFULL"
        Name="My first Web Part"
        Description="This code group grants the my first web part full permissions.">
        <IMembershipCondition
          class="StrongNameMembershipCondition"
          version="1"              PublicKeyBlob="002400000480000094000000060200000024000052534131000400000100010015fd63eb99fee087978556fcf698fae059d75307d1ee8e44486a349ea87843344440af9051d4434bac1d219b3a219d5f0ff50e8c0ed9eb7c07eab19d9ff0494ecaafc5ce1cb65d59ddd153b0f09790d6641af0325aaceb81c2e55c4610a1c18ae9f5a476de2282918a293726bce20aa932e06666b4e8b6885775b919a93a91a9" />
        <IMembershcipCondition
          Class="StrongNameMembershipCondition"
          version="1"
          PublicKeyBlob="00240000048000009400000006020000002400005253413100040000010001007da2bfd8e8ec53bd9caa8a5e3af2408cabd60b04c1df80bf8cbad447addaa8a7854818c77ea4f1ada3b73f33836b716999a5aac2475b22c676cedb3fe42cb2ebfba9dc20c04b1baab5a75ead6169b45d1dbef0bcbe82d5f862f954739ed100eaf41425eddd559aee883c055da038d0d8c2e998db799d6e1995ddea95a48eb0b4"/>
      </CodeGroup>

Can anyone point out to me how to get this right?

如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。

扫码二维码加入Web技术交流群

发布评论

需要 登录 才能够评论, 你可以免费 注册 一个本站的账号。

评论(1

聆听风音 2024-07-27 13:47:07

我不明白为什么将两个 dll 放入 GAC 或将 web.config 设置更改为 FullTrust 不起作用。 你不能给它更多的权限。 您确定您遇到的问题与安全相关吗? 如果您只将其中一个 dll 放入 GAC 中,您是否具有 [程序集:AllowPartiallyTrustedCallers()] 属性?

只是一个旁注:
您应该将权限集放在 WSP:s manifest.xml 中,这将确保在部署该功能时,SharePoint 在所有 frontweb 上为 dll 设置正确的权限。 这将使管理变得更加容易。

http://msdn.microsoft.com/en-us/library/aa543901。 ASPX

I fail to see how putting both dll in the GAC or changing the web.config setting to FullTrust doesn't work. You cant give it more permissions than that. Are you sure the problem you are experiencing is security related? In case your putting just one of the dlls in the GAC, do you have the [assembly:AllowPartiallyTrustedCallers()]-attribute?

Just a side note:
You should put your permission set in the WSP:s manifest.xml instead, that will make sure SharePoint sets the right permisson for the dll on all frontweb when the feature is deployed. It will make administration easier.

http://msdn.microsoft.com/en-us/library/aa543901.aspx

~没有更多了~
我们使用 Cookies 和其他技术来定制您的体验包括您的登录状态等。通过阅读我们的 隐私政策 了解更多相关信息。 单击 接受 或继续使用网站,即表示您同意使用 Cookies 和您的相关数据。
原文